Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/df072c-1caf-4f8a-a494-7e3439af486f/1/MxQNfpi-fhkY4RJBYH0rmNMo89A.roa
File:                     MxQNfpi-fhkY4RJBYH0rmNMo89A.roa (raw, json)
Hash identifier:          LDqZG0CpfjjbhzqTlBUwL76WIHLWIHUvF2f/c9xQewQ=
Subject key identifier:   33:14:0D:7E:98:BE:7E:19:18:E1:12:41:60:7D:2B:98:D3:28:F3:D0
Certificate issuer:       /CN=82f8d1d97b986939833194ee234e0c4d95b52893
Certificate serial:       019424B3FA1E8D72FF3CF3492F8643C423FC
Authority key identifier: 82:F8:D1:D9:7B:98:69:39:83:31:94:EE:23:4E:0C:4D:95:B5:28:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gvjR2XuYaTmDMZTuI04MTZW1KJM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/df072c-1caf-4f8a-a494-7e3439af486f/1/MxQNfpi-fhkY4RJBYH0rmNMo89A.roa
Signing time:             Thu 02 Jan 2025 01:49:22 +0000
ROA not before:           Thu 02 Jan 2025 01:49:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47106
IP address blocks:        193.46.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/df072c-1caf-4f8a-a494-7e3439af486f/1/gvjR2XuYaTmDMZTuI04MTZW1KJM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/df072c-1caf-4f8a-a494-7e3439af486f/1/gvjR2XuYaTmDMZTuI04MTZW1KJM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gvjR2XuYaTmDMZTuI04MTZW1KJM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:fa:1e:8d:72:ff:3c:f3:49:2f:86:43:c4:23:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82f8d1d97b986939833194ee234e0c4d95b52893
        Validity
            Not Before: Jan  2 01:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=33140d7e98be7e1918e11241607d2b98d328f3d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f1:86:46:6f:10:97:9f:96:e2:d3:8a:a2:2c:
                    f1:22:e2:a2:b9:26:a5:31:56:bb:e3:3b:6e:fc:40:
                    36:61:7b:a0:04:90:d4:b6:81:6d:7c:89:a0:32:e3:
                    f8:af:11:77:ea:7c:25:f4:0c:b9:20:ab:85:74:b3:
                    a0:7c:68:fa:88:ef:d0:61:f9:50:8f:09:c9:14:2b:
                    44:4d:06:79:4b:56:e1:6f:4b:22:5b:4e:fe:cf:31:
                    66:a9:6c:6b:c9:e7:07:09:e6:a1:d4:f2:f3:d5:a2:
                    b4:5e:79:c0:f5:0e:b9:5c:f9:73:2d:3a:80:70:c9:
                    d5:79:74:5a:4c:1f:3d:39:fc:24:be:1d:a7:39:a0:
                    2a:5c:26:9e:98:0a:30:72:3a:8a:5f:92:76:ce:cb:
                    2b:9f:45:68:9f:f2:42:e9:44:bb:2d:0e:75:c6:09:
                    14:ca:71:94:09:e9:5e:9f:aa:d4:d1:45:5e:3e:89:
                    76:8d:88:29:96:3b:41:34:bf:ec:b4:54:81:33:b0:
                    e2:9e:bb:27:9b:49:8f:22:2a:4f:08:40:71:80:a9:
                    0b:dd:51:20:53:d6:c8:a2:81:c6:49:16:5f:cf:0c:
                    99:61:3f:70:bb:7f:93:52:8a:a9:fe:8f:76:a8:90:
                    02:0e:82:14:cb:64:49:4c:d1:7f:01:22:da:78:83:
                    b3:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:14:0D:7E:98:BE:7E:19:18:E1:12:41:60:7D:2B:98:D3:28:F3:D0
            X509v3 Authority Key Identifier:
                keyid:82:F8:D1:D9:7B:98:69:39:83:31:94:EE:23:4E:0C:4D:95:B5:28:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gvjR2XuYaTmDMZTuI04MTZW1KJM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/df072c-1caf-4f8a-a494-7e3439af486f/1/MxQNfpi-fhkY4RJBYH0rmNMo89A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/df072c-1caf-4f8a-a494-7e3439af486f/1/gvjR2XuYaTmDMZTuI04MTZW1KJM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.46.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:00:02:20:49:e9:46:53:47:62:dd:02:fa:1e:d9:61:0a:8d:
         e1:ed:58:d5:e7:a6:42:85:6d:a0:4b:4a:3e:3f:88:7a:ca:7b:
         b1:c3:13:37:16:93:9f:bf:6b:51:cf:cd:d5:e2:74:be:0c:ba:
         4f:60:e2:e8:6f:50:fb:d2:5f:ba:8e:5d:f9:03:8b:1c:9a:68:
         07:e8:fa:6f:fc:86:81:1b:fe:5e:12:f8:aa:89:49:a3:e6:c9:
         cb:ae:0f:c1:3a:08:26:f0:d3:2f:18:b1:ec:ee:64:d9:fb:fe:
         bc:35:1d:98:8d:6d:04:0e:3a:1f:0c:72:69:5b:eb:b9:95:ff:
         46:57:79:07:19:01:4e:a8:11:1a:f3:02:c7:46:0f:20:c6:a3:
         30:c0:5d:fa:9b:0d:ba:ca:fa:34:a7:09:89:7d:b2:0b:06:00:
         ee:01:0a:58:42:e3:a6:77:81:18:12:e3:ea:03:94:95:a6:8d:
         a0:df:47:a7:97:d5:26:f0:cd:25:59:ad:46:db:9b:88:7e:2a:
         85:74:2a:5b:e1:31:86:11:04:51:7e:be:3b:1e:4b:76:fa:79:
         8c:0b:97:cb:6f:6b:6a:77:8b:6a:3e:c0:60:e9:2f:3c:23:44:
         f6:15:bf:52:c9:28:fa:47:91:2f:a1:cb:bb:5d:fa:7c:45:7d:
         71:6a:18:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks/oejXL/PPNJL4ZDxCP8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyZjhkMWQ5N2I5ODY5Mzk4MzMxOTRlZTIzNGUwYzRkOTVi
NTI4OTMwHhcNMjUwMTAyMDE0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzE0MGQ3ZTk4YmU3ZTE5MThlMTEyNDE2MDdkMmI5OGQzMjhmM2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvGGRm8Ql5+W4tOKoizxIuKiuSal
MVa74ztu/EA2YXugBJDUtoFtfImgMuP4rxF36nwl9Ay5IKuFdLOgfGj6iO/QYflQ
jwnJFCtETQZ5S1bhb0siW07+zzFmqWxryecHCeah1PLz1aK0XnnA9Q65XPlzLTqA
cMnVeXRaTB89Ofwkvh2nOaAqXCaemAowcjqKX5J2zssrn0Von/JC6US7LQ51xgkU
ynGUCelen6rU0UVePol2jYgpljtBNL/stFSBM7Dinrsnm0mPIipPCEBxgKkL3VEg
U9bIooHGSRZfzwyZYT9wu3+TUoqp/o92qJACDoIUy2RJTNF/ASLaeIOzUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDMUDX6Yvn4ZGOESQWB9K5jTKPPQMB8GA1UdIwQY
MBaAFIL40dl7mGk5gzGU7iNODE2VtSiTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3ZqUjJYdVlhVG1ETVpUdUkwNE1UWlcxS0pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9kZjA3MmMtMWNhZi00ZjhhLWE0OTQt
N2UzNDM5YWY0ODZmLzEvTXhRTmZwaS1maGtZNFJKQllIMHJtTk1vODlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9kZjA3MmMtMWNhZi00ZjhhLWE0OTQtN2UzNDM5YWY0ODZm
LzEvZ3ZqUjJYdVlhVG1ETVpUdUkwNE1UWlcxS0pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwS7RMA0G
CSqGSIb3DQEBCwUAA4IBAQBiAAIgSelGU0di3QL6HtlhCo3h7VjV56ZChW2gS0o+
P4h6ynuxwxM3FpOfv2tRz83V4nS+DLpPYOLob1D70l+6jl35A4scmmgH6Ppv/IaB
G/5eEviqiUmj5snLrg/BOggm8NMvGLHs7mTZ+/68NR2YjW0EDjofDHJpW+u5lf9G
V3kHGQFOqBEa8wLHRg8gxqMwwF36mw26yvo0pwmJfbILBgDuAQpYQuOmd4EYEuPq
A5SVpo2g30enl9Um8M0lWa1G25uIfiqFdCpb4TGGEQRRfr47Hkt2+nmMC5fLb2tq
d4tqPsBg6S88I0T2Fb9SySj6R5Evocu7Xfp8RX1xahgL
-----END CERTIFICATE-----